
Untitled

a guest
Apr 20th, 2018
  1. [root@kl10opswn01 plugins]# sudo tail -n 50 /var/log/audit/audit.log
  2. type=VIRT_CONTROL msg=audit(1524214598.809:142002): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='vm=? vm-pid=? user=? auid=4294967295 hostname=? reason=api op=start exe=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  3. type=NETFILTER_CFG msg=audit(1524214601.290:142003): table=filter family=2 entries=124
  4. type=SYSCALL msg=audit(1524214601.290:142003): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=d59e50 items=0 ppid=76290 pid=20026 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  5. type=PROCTITLE msg=audit(1524214601.290:142003): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  6. type=NETFILTER_CFG msg=audit(1524214601.299:142004): table=nat family=2 entries=459
  7. type=SYSCALL msg=audit(1524214601.299:142004): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7fc173a33010 items=0 ppid=76290 pid=20026 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  8. type=PROCTITLE msg=audit(1524214601.299:142004): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  9. type=NETFILTER_CFG msg=audit(1524214601.358:142005): table=filter family=2 entries=126
  10. type=SYSCALL msg=audit(1524214601.358:142005): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=24a4220 items=0 ppid=76290 pid=20037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  11. type=PROCTITLE msg=audit(1524214601.358:142005): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  12. type=NETFILTER_CFG msg=audit(1524214601.364:142006): table=nat family=2 entries=449
  13. type=SYSCALL msg=audit(1524214601.364:142006): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7fb1ec7c5010 items=0 ppid=76290 pid=20037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  14. type=PROCTITLE msg=audit(1524214601.364:142006): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  15. type=VIRT_CONTROL msg=audit(1524214608.807:142007): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='reason=api op=exec vm=? vm-pid=? user=? auid=4294967295 exe=? hostname=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  16. type=VIRT_CONTROL msg=audit(1524214608.808:142008): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='vm-pid=? user=? auid=4294967295 hostname=? op=start vm=? exe=? reason=api exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  17. type=VIRT_CONTROL msg=audit(1524214618.805:142009): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='op=exec vm-pid=? exe=? hostname=? reason=api vm=? user=? auid=4294967295 exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  18. type=VIRT_CONTROL msg=audit(1524214618.807:142010): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='op=start user=? auid=4294967295 exe=? reason=api vm=? vm-pid=? hostname=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  19. type=NETFILTER_CFG msg=audit(1524214620.517:142011): table=filter family=2 entries=126
  20. type=SYSCALL msg=audit(1524214620.517:142011): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=1895dc0 items=0 ppid=76290 pid=20144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  21. type=PROCTITLE msg=audit(1524214620.517:142011): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  22. type=NETFILTER_CFG msg=audit(1524214620.523:142012): table=nat family=2 entries=449
  23. type=SYSCALL msg=audit(1524214620.523:142012): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7f3b794b3010 items=0 ppid=76290 pid=20144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  24. type=PROCTITLE msg=audit(1524214620.523:142012): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  25. type=NETFILTER_CFG msg=audit(1524214620.576:142013): table=filter family=2 entries=124
  26. type=SYSCALL msg=audit(1524214620.576:142013): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=cbae50 items=0 ppid=76290 pid=20155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  27. type=PROCTITLE msg=audit(1524214620.576:142013): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  28. type=NETFILTER_CFG msg=audit(1524214620.581:142014): table=nat family=2 entries=459
  29. type=SYSCALL msg=audit(1524214620.581:142014): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7f06e1f16010 items=0 ppid=76290 pid=20155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables-restor" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  30. type=PROCTITLE msg=audit(1524214620.581:142014): proctitle=69707461626C65732D726573746F7265002D7735002D2D6E6F666C757368002D2D636F756E74657273
  31. type=CRYPTO_KEY_USER msg=audit(1524214623.298:142015): pid=20195 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b1:21:49:5a:5b:74:8f:de:03:e1:5a:2b:4f:0a:db:27:26:f3:8d:1b:51:cb:0c:d2:8f:d7:6b:59:a8:ef:ea:a6 direction=? spid=20195 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  32. type=CRYPTO_KEY_USER msg=audit(1524214623.299:142016): pid=20195 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:44:d3:71:ad:d6:94:54:27:02:34:db:a9:05:79:ce:0d:95:17:24:3f:fd:bd:35:8e:37:09:51:6b:4e:91:76:46 direction=? spid=20195 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  33. type=CRYPTO_KEY_USER msg=audit(1524214623.299:142017): pid=20195 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:e2:a6:23:d5:b6:34:8f:37:b0:00:11:c8:00:6e:b8:19:c6:0d:d7:b8:9e:41:b0:47:87:fa:02:7b:fa:7a:8d:1c direction=? spid=20195 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  34. type=CRYPTO_KEY_USER msg=audit(1524214623.299:142018): pid=20194 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:e2:a6:23:d5:b6:34:8f:37:b0:00:11:c8:00:6e:b8:19:c6:0d:d7:b8:9e:41:b0:47:87:fa:02:7b:fa:7a:8d:1c direction=? spid=20195 suid=74 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  35. type=CRYPTO_KEY_USER msg=audit(1524214623.300:142019): pid=20194 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:b1:21:49:5a:5b:74:8f:de:03:e1:5a:2b:4f:0a:db:27:26:f3:8d:1b:51:cb:0c:d2:8f:d7:6b:59:a8:ef:ea:a6 direction=? spid=20194 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  36. type=CRYPTO_KEY_USER msg=audit(1524214623.300:142020): pid=20194 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:44:d3:71:ad:d6:94:54:27:02:34:db:a9:05:79:ce:0d:95:17:24:3f:fd:bd:35:8e:37:09:51:6b:4e:91:76:46 direction=? spid=20194 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  37. type=CRYPTO_KEY_USER msg=audit(1524214623.300:142021): pid=20194 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:e2:a6:23:d5:b6:34:8f:37:b0:00:11:c8:00:6e:b8:19:c6:0d:d7:b8:9e:41:b0:47:87:fa:02:7b:fa:7a:8d:1c direction=? spid=20194 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'
  38. type=USER_LOGIN msg=audit(1524214623.300:142022): pid=20194 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="/usr/sbin/sshd" hostname=? addr=127.0.0.1 terminal=ssh res=failed'
  39. type=NETFILTER_CFG msg=audit(1524214627.484:142023): table=nat family=2 entries=449
  40. type=SYSCALL msg=audit(1524214627.484:142023): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7fbe50df2010 items=0 ppid=76290 pid=20209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  41. type=PROCTITLE msg=audit(1524214627.484:142023): proctitle=69707461626C6573002D77002D41004B5542452D4D41524B2D4D415351002D74006E6174002D6A004D41524B002D2D7365742D786D61726B00307830303030343030302F30783030303034303030
  42. type=NETFILTER_CFG msg=audit(1524214627.507:142024): table=nat family=2 entries=450
  43. type=SYSCALL msg=audit(1524214627.507:142024): arch=c000003e syscall=54 success=yes exit=0 a0=4 a1=0 a2=40 a3=7fb26f04d010 items=0 ppid=76290 pid=20212 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" subj=system_u:system_r:unconfined_service_t:s0 key=(null)
  44. type=PROCTITLE msg=audit(1524214627.507:142024): proctitle=69707461626C6573002D77002D41004B5542452D504F5354524F5554494E47002D74006E6174002D6D00636F6D6D656E74002D2D636F6D6D656E74006B756265726E657465732073657276696365207472616666696320726571756972696E6720534E4154002D6D006D61726B002D2D6D61726B00307830303030343030302F
  45. type=VIRT_CONTROL msg=audit(1524214628.807:142025): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='reason=api auid=4294967295 exe=? hostname=? op=exec vm=? vm-pid=? user=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  46. type=VIRT_CONTROL msg=audit(1524214628.808:142026): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='reason=api op=start user=? vm=? vm-pid=? auid=4294967295 exe=? hostname=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  47. type=VIRT_CONTROL msg=audit(1524214638.807:142027): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='auid=4294967295 reason=api op=exec vm=? user=? vm-pid=? exe=? hostname=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  48. type=VIRT_CONTROL msg=audit(1524214638.813:142028): pid=1777 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='op=start exe=? reason=api vm=? vm-pid=? user=? auid=4294967295 hostname=? exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
  49. type=USER_CMD msg=audit(1524214646.356:142029): pid=20323 uid=0 auid=0 ses=292 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/usr/lib64/nagios/plugins" cmd=7461696C202D6E203530202F7661722F6C6F672F61756469742F61756469742E6C6F67 terminal=pts/0 res=success'
  50. type=CRED_REFR msg=audit(1524214646.356:142030): pid=20323 uid=0 auid=0 ses=292 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
  51. type=USER_START msg=audit(1524214646.357:142031): pid=20323 uid=0 auid=0 ses=292 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'